2019 Impact Report: Encryption

Fact Sheet: Working From Home

Seven easy ways to keep you and your workplace safe online

No matter where you are in the world, chances are you’ve been affected in some way by COVID-19. The pandemic has sent workers and students home, canceled social events like graduations and weddings, and put mass populations — especially the elderly and immunocompromised — at risk.

In light of the restrictions around COVID-19, many employers are asking their employees to work from home. If you are fortunate enough to have this option, it’s important to make sure you’re not putting you and your workplace at greater risk of digital harm. Phishing and ransomware attacks are increasing as COVID-19 spreads; Cloudflare reported that cyber-attacks grew 37 percent in the United Kingdom in March 2020.

You wouldn’t ask a doctor or nurse to work without personal protective equipment. Neither should you.

GEAR UP: Follow these easy tips to secure the work you do in your home and on your home network.

1. Keep your smart assistants out of the room while you’re working.

Smart assistants are always listening for a “wake” word — like how your Amazon Echo will start paying attention to audio when it hears “Alexa”. This makes smart assistants a potential unintended eavesdropper on confidential work conversations during video and phone calls.

2. Use unique passwords and a password manager.

It may be convenient to use the same password for everything work-related, but this puts your workplace at greater risk of a data breach or an account hack. Once someone discovers your password, they can easily gain entrance into all of your work systems and compromise both your and your employer’s data.

Since it’s hard to remember unique passwords for every single work system, consider using a password manager. This lets you save all your unique passwords in one place, and often includes a feature that automatically inputs your passwords when logging into different accounts. The benefit of this solution is you only have to remember one master password to get access to all your accounts. Many different sites and platforms offer guidelines on how to pick the password manager that’s right for you; check out a few resources here, here, and here.

End-to-end (E2E) Encryption
This kind of encryption is highly secure and ensures that only the sender and intended recipient can read messages and information. With E2E encryption, even the communication service cannot access the information.

There are different types of two-factor authentication. One way is to have a code sent to you via SMS or email when you’re logging into a work system. Keep in mind that this method is not secure because SMS and email are often not encrypted. When your only choice is SMS, it is important that you protect your mobile number from a SIM swap attack. Some mobile operators allow users to enable a PIN or secret password to prevent such attacks.

A better option would be to use an authenticator app, which can either allow you to open the app to prove that it’s really you logging in, or it can generate different codes for you to enter every time you log in to a work system. The codes are often time-limited, so even if an attacker got access to them through your emails or SMS messages, they wouldn’t be able to use them again later.

4. Opt for online services with strong encryption.

Encryption is the best way to keep your data safe as you work from home. It is one of the strongest tools that online systems can use to protect user information, data, and core information systems. If you aren’t using systems secured by strong encryption, your own data and your employer’s information are at greater risk of a security breach.

Systems with strong encryption make it harder for others to access your communications, ensure that your content isn’t readable even if someone does get access, and help prevent an attacker from changing the information.

For both existing and new work systems, find out whether or not an online system automatically encrypts communications and data by taking a look at their privacy and security statements (aka “policies”). You can also do a simple online search to see if specific services use encryption and what they encrypt, but as with everything you search for, make sure any resources you rely on are credible and up-to-date. End-to-end encryption offers the strongest level of communications security, so make sure it’s in place before using new software. Sometimes applications don’t automatically turn on encryption, so be sure to check that you can turn it on yourself. Make sure your smartphone, tablet, laptop and/or any other connected devices you use are encrypted and protected with a strong and unique password wherever possible.

5. Use a VPN — even on your home network.

When you’re logged into your employer’s network while in the office, you may not always think about making sure that your connection is secure. Your company may do part of that for you through an intranet accessed via a secure portal. But when you’re working remotely, make sure you’re protecting all your traffic. A Virtual Private Network (VPN) may be an appropriate tool.

Some employers may automatically include VPNs on work laptops that employees take home. If you are working on a personal computer or your work computer doesn’t already have a VPN, read up on how to choose and download one that will secure your online activity on your workplace systems.

6. Update your software.

It’s easy to click “remind me tomorrow” when your software notifies you of updates, but updates often come with more than just new features. They also include fixes to bugs or security vulnerabilities. You can significantly improve your computer and data security by staying on top of software updates. This will also keep your employer’s network safer in the process.

Updating your software is even easier when you’re working from home. Try updating your software while you’re getting ready in the morning, on a lunch break, or after you’ve finished your work for the day.

7. Back up your files.

Anyone can be the victim of a ransomware attack. In these kinds of attacks, criminals will block access to data, systems and saved information, and hold the information hostage until the victim pays a ransom. While your workplace should always be backing up files, you should be extra diligent to secure your files while working from home.

Start by asking your employer for guidance on how to backup your files when working remotely. This can be done using a cloud provider and/or an external storage device. Make sure to disconnect the device holding your backed up files when not in use so you can still access them if your original files are compromised. The backup should be encrypted and password protected.

Related articles

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But did you know that by simply connecting your device to WiFi or delaying computer and software updates can put you and your workplace at risk of a cyberattack?

We care about your privacy and strive to limit our use of cookies to those that help improve our site and keep it relevant. By continuing to use this site, you agree to the use of cookies. To learn more about how you can control use of cookies
see our Cookie Policy